CVE-2026-41363
Path Traversal in OpenClaw Feishu Extension Enables Arbitrary File Access
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | From 2026.2.6 (inc) to 2026.3.28 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-41363 is a path traversal vulnerability (CWE-22) in the resolveUploadInput function of the Feishu extension in OpenClaw, affecting versions from 2026.2.6 up to but not including 2026.3.28. Input supplied to an upload_image operation is resolved to a file path without the configured localRoots sandbox being enforced on the result, so a traversal sequence such as ../ can make the path resolve to a location outside the allowed directories.
As a result, an attacker can read arbitrary files outside the localRoots boundaries that were meant to confine file access to specific directories.
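Added example, not OpenClaw's code: a naive upload-input resolver of the kind CWE-22 describes, beside a hardened one that enforces a localRoots containment check on the resolved path rather than on the raw string. The root directories, the function bodies and the single percent-decoding step are assumptions made for illustration; the page names resolveUploadInput and localRoots but shows neither's implementation.

```typescript
import * as path from "path";

// Assumed sandbox roots for this example; OpenClaw's real localRoots format is not on the page.
export const LOCAL_ROOTS: string[] = ["/srv/openclaw/uploads", "/srv/openclaw/docs"];

// POSIX path semantics so the example behaves identically on every platform.
const p = path.posix;

// Percent-decode once; null on malformed input. Whether the real extension decodes
// its input at all is an assumption made for this example.
function decodeOnce(input: string): string | null {
  try {
    return decodeURIComponent(input);
  } catch {
    return null;
  }
}

// Illustrative weak resolver (NOT OpenClaw's code): it looks for "../" in the raw
// string before decoding and joins onto the first root with no containment check,
// so an encoded traversal or an absolute path both escape the sandbox.
export function resolveUploadInputWeak(input: string, roots: string[] = LOCAL_ROOTS): string | null {
  if (input.includes("../")) return null;
  const decoded = decodeOnce(input);
  if (decoded === null) return null;
  return p.resolve(roots[0], decoded);
}

// True when candidate is a strict descendant of root (the root itself is not an upload file).
// path.relative avoids the prefix trap where "/srv/openclaw/uploads-private/x" would pass
// a startsWith("/srv/openclaw/uploads") check.
export function isInside(root: string, candidate: string): boolean {
  const rel = p.relative(root, candidate);
  return rel !== "" && rel !== ".." && !rel.startsWith("../") && !p.isAbsolute(rel);
}

// Hardened resolver: normalize the candidate to an absolute path, then accept it only
// if it lies inside one of the configured roots. A production version should also
// realpath() both sides so a symlink inside a root cannot point outside it.
export function resolveUploadInput(input: string, roots: string[] = LOCAL_ROOTS): string | null {
  const decoded = decodeOnce(input);
  if (decoded === null || decoded.includes("\0")) return null;
  for (const root of roots) {
    const rootAbs = p.resolve(root);
    const candidate = p.resolve(rootAbs, decoded);
    if (isInside(rootAbs, candidate)) return candidate;
  }
  return null;
}
```

The weak version returns /etc/passwd for the input `..%2F..%2F..%2Fetc%2Fpasswd`; the hardened version returns null for it, for `/etc/passwd`, and for the sibling-directory prefix trap, while still accepting `report.docx` under the first root and an absolute path that lies inside the second root.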
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-41363 allows attackers to read arbitrary files outside the intended sandbox, leading to unauthorized disclosure of potentially sensitive information.
Such unauthorized file access and data exfiltration could result in breaches of confidentiality, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive data.
Organizations using affected OpenClaw versions should consider this vulnerability a risk to data confidentiality and take appropriate remediation steps to maintain compliance with these standards.
How can this vulnerability impact me?
An attacker who can reach the affected Feishu extension over the network and holds only low privileges can read arbitrary files on the host outside the intended localRoots sandbox directories, with no user interaction required.
Such unauthorized file reads are a breach of confidentiality, exposing sensitive or private data stored on the system, including anything the OpenClaw process itself can read.
The attack complexity is rated high, and the impact is confined to confidentiality: data integrity and system availability are not affected.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2026-41363 centres on the Feishu extension's upload_image operation. Because the flaw lets a caller read files outside the configured localRoots boundaries, look for upload_image inputs that contain traversal sequences (../ in raw or percent-encoded form such as %2e%2e%2f, including double-encoded variants) or that name absolute paths outside the sandbox, and for file reads by the OpenClaw process outside those directories.
The page's resources do not give specific commands or tools, but the following general methods apply:
- Review application logs for upload_image requests whose input contains path traversal patterns; decode the input before matching so that encoded variants are not missed.
- Use network or gateway monitoring to flag suspicious requests reaching the Feishu extension's upload functionality.
- Audit file access by the OpenClaw process (for example with auditd or equivalent file-access auditing) to catch reads outside the localRoots sandbox; ordinary file integrity monitoring only sees modifications, not reads, so on its own it will not detect this vulnerability's impact.
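Added example, not part of the page or of OpenClaw: a small log scanner that applies the first detection method above to constructed sample lines. It decodes each upload_image input a bounded number of times before matching, so single- and double-encoded traversal are both caught, and judges on path segments so a file legitimately named "..foo" is not flagged. The log format and field names (input=, user=) are assumptions; OpenClaw's real log format is not shown on the page.

```typescript
// Constructed sample log lines for this example (assumed format; not real OpenClaw output).
export const SAMPLE_LOG: string[] = [
  '2026-04-28T10:01:02Z INFO feishu upload_image input="reports/q1.png" user=alice',
  '2026-04-28T10:01:05Z INFO feishu upload_image input="../../../../etc/passwd" user=bob',
  '2026-04-28T10:01:09Z INFO feishu upload_image input="..%2F..%2F..%2Fetc%2Fshadow" user=bob',
  '2026-04-28T10:01:12Z INFO feishu upload_image input="%252e%252e%252fetc%252fpasswd" user=bob',
  '2026-04-28T10:02:00Z INFO feishu send_message text="see ../notes" user=carol',
  '2026-04-28T10:02:30Z INFO feishu upload_image input="/etc/hostname" user=dave',
];

export interface Finding {
  line: number;       // 1-based index into the scanned input
  user: string;
  raw: string;        // input exactly as logged
  normalized: string; // after bounded percent-decoding and slash normalization
  reason: string;
}

// Decode repeatedly, up to maxRounds, so single and double encoding are both unwrapped.
export function fullyDecode(value: string, maxRounds = 3): string {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next: string;
    try {
      next = decodeURIComponent(current);
    } catch {
      break; // malformed escape: keep what we have
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Decoded input with backslashes folded to forward slashes, so "..\\" is seen as "../".
export function normalizeUploadInput(raw: string): string {
  return fullyDecode(raw).replace(/\\/g, "/");
}

// A reason string when the input looks like a sandbox escape, otherwise null.
// Checked per path segment: only a segment that is exactly ".." counts as traversal.
export function classifyUploadInput(raw: string): string | null {
  const normalized = normalizeUploadInput(raw);
  if (normalized.includes("\0")) return "null byte";
  if (normalized.startsWith("/")) return "absolute path";
  if (normalized.split("/").some((seg) => seg === "..")) return "dot-dot segment";
  return null;
}

// Matches only upload_image events and captures the quoted input and the user field.
const UPLOAD_LINE = /\bupload_image\b.*\binput="([^"]*)".*\buser=(\S+)/;

export function scanLogLines(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  lines.forEach((text, idx) => {
    const m = UPLOAD_LINE.exec(text);
    if (!m) return; // not an upload_image event, e.g. the send_message line
    const raw = m[1] ?? "";
    const user = m[2] ?? "";
    const reason = classifyUploadInput(raw);
    if (reason !== null) {
      findings.push({ line: idx + 1, user, raw, normalized: normalizeUploadInput(raw), reason });
    }
  });
  return findings;
}
```

Run over SAMPLE_LOG this yields four findings (lines 2, 3, 4 and 6); the send_message line containing "../" is ignored because only upload_image inputs are in scope. An absolute path is reported for review rather than treated as proof of exploitation, since whether the extension accepts absolute paths inside a root is not stated on the page.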
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.3.28 or later, where the vulnerability has been fixed by enforcing the localRoots sandbox on Feishu DOCX upload file reads.
Until the upgrade can be applied, consider restricting network access to the vulnerable Feishu extension upload endpoints to trusted users only, and monitor for suspicious upload_image activity that may indicate exploitation attempts.